Virtual Machine Forensics and Network Forensics - Article Example

According to the paper, a virtual machine (VM) is a software program for creating separate environments, each simulating its own components (both hardware and software). Each environment (virtual machine) mimics a real computer system with its own operating system and hardware…

Extract of sample "Virtual Machine Forensics and Network Forensics"

Virtual Machine Forensics

A virtual machine (VM) is a software program for creating separate environments, each simulating its own components (both hardware and software). Each environment (virtual machine) mimics a real computer system with its own operating system and hardware. In digital forensics the user controls each virtual machine independently.

Network forensics refers to the capture, storage, and analysis of network traffic. The term is used interchangeably with packet mining, packet forensics, or digital forensics. Regardless of the name, the concept remains the same: recording packet traffic (emails, database queries, web browsing) into a single searchable network traffic database for detailed examination (Habib).

Network forensics involves:
1) identifying and responding to attacks against computer systems;
2) using security devices to gather evidence data;
3) using the networks for passive information collection during an investigation.

VM examination

A typical digital forensic investigation is divided into four main stages: access, acquire, analyze and report. In the access phase, the examiner records details of the virtual machines. The examiner then copies all data from the running system and generates a forensic image of all storage media, a process known as acquisition. The acquired image can be analysed with open-source or commercial forensic tools such as EnCase, Sleuthkit, Live View and FTK. VMware's Snapshot feature permits the examiner to suspend the state of a VM at any specific point in time.

Creating a forensic image of a VM

Traditional computer forensics is conducted on physical machines, generating disk images and memory dumps. In contrast, a virtual machine requires live forensics to acquire volatile data, and depends on the system hosting the virtual machines.

A VM simulates basic hardware parts and supports only a limited range of hardware devices. The created dd image cannot be booted directly in a VM environment: the VM requires extra files describing the environment being booted, and significant changes to the original environment are needed before the image will boot in the VM. When the system is booted, new data is written to the original image, modifying it (overwriting old data). This necessitates a backup copy of the original data. The original data is write-protected, and the succeeding phases of data analysis are conducted on the copy, leaving the original untouched.

Other system acquisitions

Typically both FTK Imager and EnCase need a write blocker device to capture the image of a live physical drive. This is not the case with VMware virtual disks: these disks are organized as files, so the image can be generated without a write blocker. Both tools (FTK Imager and EnCase) can generate raw images of VM hard disks together with the computed hashes of those images, and both produce matching MD5 and SHA1 hashes. It is therefore concluded that VM hard disk files can be securely converted to raw/dd images without necessarily using a write block device.

Works cited

Habib, Joe. "Network Forensics and Digital Time Travel." Technewsworld.com. N.p., 2006. Web. 27 Apr. 2015.
Huebner, Ewa, and Stefano Zanero. Open Source Software for Digital Forensics. New York: Springer, 2010. Print.
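The acquisition step the essay describes, written up here as an added example (not code from the essay, FTK Imager or EnCase): image a VM disk file with a plain file copy, drop the write bits on the original, and verify the copy by matching MD5 and SHA1 digests. The directory, the file name guest-flat.vmdk and the disk contents are constructed for the example.

```python
"""Acquire a VM disk file as a raw image and verify it by MD5 and SHA1.

A VM's virtual disk is an ordinary file on the host, so no write blocker
is needed: hash the original, copy it, clear the write bits on the original,
then hash the copy and insist that both digest pairs agree.
Paths, the file name and the disk contents below are constructed.
"""
import hashlib
import os
import shutil
import stat
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so multi-GB disks fit in memory


def hash_file(path):
    """Return (md5, sha1) hex digests of a file, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()


def acquire_vm_disk(src, dst):
    """Image src into dst, write-protect src and verify the digests match.

    Returns a record for the case notes; raises RuntimeError on mismatch.
    """
    src_md5, src_sha1 = hash_file(src)  # hash the original before anything else
    shutil.copyfile(src, dst)           # a flat disk file: a plain copy suffices
    mode = stat.S_IMODE(os.stat(src).st_mode)
    os.chmod(src, mode & ~(stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH))
    dst_md5, dst_sha1 = hash_file(dst)
    if (src_md5, src_sha1) != (dst_md5, dst_sha1):
        raise RuntimeError("image does not match original: %s" % dst)
    return {"source": src, "image": dst, "size": os.path.getsize(dst),
            "md5": dst_md5, "sha1": dst_sha1,
            "source_mode": stat.S_IMODE(os.stat(src).st_mode)}


def demo():
    """Build a constructed 'virtual disk' in a temp dir and acquire it."""
    work = tempfile.mkdtemp(prefix="vmacq-")
    src = os.path.join(work, "guest-flat.vmdk")  # constructed file name
    with open(src, "wb") as f:
        f.write(b"\x00" * 4096 + b"CONSTRUCTED-GUEST-DATA" + b"\xff" * 4096)
    return acquire_vm_disk(src, os.path.join(work, "guest.raw"))
```

The returned record (size, both digests, the write-protected mode of the original) is what goes into the case notes so a later examiner can re-hash the image and confirm it is unchanged.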

